Tuesday, November 27, 2012

MEMBANGUN PROXY SERVER DENGAN SQUID

Squid merupakan aplikasi yang dapat kita gunakan untuk membangun sebuah proxy server. Selain dapat digunakan di lingkungan Linux, Squid juga dapat digunakan di lingkungan Windows.
Apa sih perbedaan sebelum dan sesudah menggunakan squid ?? Tentu saja banyak :
1. Membantu menghemat pemakaian bandwidth yang kita miliki jika bandwidth internet kita pas-pasan.
2. Membantu pemerintah untuk ikut serta dalam gerakan anti pornografi.
Langkah Instalasi Squid

Install Squid
# apt-get install squid
File Konfigurasi Squid
Squid configuration file
vi /etc/squid/squid.conf
Dalam file ini kita hanya akan melakukan konfigurasi dasar :
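# Basic squid.conf for a caching proxy with squidGuard URL filtering.

# Listen on port 1212 in interception mode; presumably a firewall redirect rule
# (not shown in this listing) sends client web traffic here.
# NOTE(review): Squid 3.1 and later spell this option "intercept"; "transparent"
# is the older spelling. Confirm against the installed version.
http_port 1212 transparent
# http_port 192.168.2.1:8080 transparent

# Do not cache dynamic content (cgi-bin paths or URLs with a query string).
hierarchy_stoplist cgi-bin ?
# The question mark is escaped because urlpath_regex takes regular expressions;
# a bare "?" is not a valid pattern.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory cache size and disk-cache replacement thresholds (percent full).
cache_mem 1 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 16 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 100 KB
ipcache_size 2048
ipcache_low 90
ipcache_high 95

# Access log format; it records the client address (%>a), the full URL (%ru)
# and the user name (%un), so treat access.log as sensitive data.
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#cache_dir ufs /var/spool/squid 4000 16 256
# Disk cache: size in MB, then first- and second-level directory counts.
cache_dir ufs /var/spool/squid 70000 171 256
access_log /var/log/squid/access.log squid
#cache_log /var/spool/squid/logs/cache.log
hosts_file /etc/hosts
# cache_store_log none
# 0 disables Squid's own log rotation; something else has to rotate access.log.
logfile_rotate 0

# Basic-auth tuning only: this listing has no "auth_param basic program" line
# and no proxy_auth acl, so no client is actually asked to authenticate.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Freshness rules: regex, minimum age (minutes), percent, maximum age (minutes).
# The image patterns escape the dot and anchor the extension; the listing's
# "/.gif" form does not match ordinary image URLs such as "/logo.gif".
refresh_pattern -i \.gif$ 4320 50% 43200
refresh_pattern -i \.jpg$ 4320 50% 43200
refresh_pattern -i \.jpeg$ 4320 50% 43200
refresh_pattern -i \.png$ 4320 50% 43200
# NOTE(review): the per-site rules below are written like shell globs. In a
# regex "/*" means "zero or more slashes", so the wildcard lines do not match
# subdomains as intended. They also force long freshness times on webmail and
# social sites. On a cache shared by many users, keep such rules free of
# options that override origin cache headers (override-expire, ignore-private,
# ignore-no-cache), or drop them altogether.
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://www.facebook.com/.* 720 100% 28800
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://detik.com/.* 720 90% 2880
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
negative_ttl 2 minutes

#Recommended minimum configuration:
#acl home_network src 192.168.1.0/24
#acl business_hours time M T W H F 8:30-17:30
#acl porn url_regex "/etc/squid/porn.block.txt"
#acl whitelist url_regex "/etc/squid/whitelist.txt"
#acl porn url_regex "/etc/squid/porn.block.txt"
# The commented-out acl lines above (shown in orange in the original post) are
# left disabled because filtering is handled by squidGuard.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl divgames src 172.16.8.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#http_access deny porn
# Cache manager access is limited to the proxy host itself. The deny line must
# stay active: without it, manager requests from divgames would fall through
# to "http_access allow divgames" below.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Only the divgames network may use the proxy; everything else is refused.
http_access allow divgames
http_access deny all
http_reply_access allow all
# Answer ICP queries only from the network that may use the proxy, not from
# any host that can reach the ICP port.
icp_access allow divgames
icp_access deny all
tcp_outgoing_address 202.50.60.70 divgames

cache_mgr noc@boleh.net.id
visible_hostname Boleh-Networks
coredump_dir /var/spool/squid/cache
# Every request URL is passed to squidGuard for filtering.
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf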
Squid access log file
vi /var/log/squid/access.log
Konfigurasi squidGuard.conf
vi /etc/squid/squidGuard.conf
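#
# CONFIG FILE FOR SQUIDGUARD
#
# NOTE: if squidGuard cannot parse this file or open one of its lists, it
# falls back to emergency mode and passes every request unfiltered. Check
# squidGuard.log in logdir after each change.
dbhome /var/lib/squidguard/db/blacklists
logdir /var/log/squid

# Time window; no acl in this listing refers to it. The ranges use a plain
# hyphen with no spaces; the en dash in the original listing does not parse.
# NOTE(review): squidGuard uses "a" for Saturday, so "smtwhfs" appears to list
# Sunday twice and omit Saturday. Confirm the intended days.
time workhours {
    weekly smtwhfs 08:30-17:30
    date *-*-01    08:30-17:30
}

# Client groups, by source network.
src notoke {
    ip      172.16.3.0/24
}
# Same network as the "divgames" acl in squid.conf.
src oke {
    ip    172.16.8.0/24
}

# Destination categories; paths are relative to dbhome.
dest porn {
    domainlist porn/domains
    urllist porn/urls
}
dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}
dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}
dest spyware {
    domainlist spyware/domains
    urllist spyware/urls
}
dest suspect {
    domainlist suspect/domains
    urllist suspect/urls
}
dest violence {
    domainlist violence/domains
    urllist violence/urls
}
dest bad {
    domainlist bad/domains
    urllist bad/urls
}
dest whitelist {
    domainlist whitelist/domains
}

acl {
    # The original listing named this rule "okee", which matches no src block
    # defined above. "notoke" is assumed to be the intended source, since it is
    # the only defined source without a rule. Confirm before deploying.
    notoke {
        pass whitelist !bad !porn !drugs !gambling !spyware !suspect !violence all
        redirect http://localhost/index.html
    }
    oke {
        pass whitelist !porn !drugs !gambling !spyware !suspect !violence all
        redirect http://localhost/index.html
    }
    default {
        pass none                # reject unknown clients
        # NOTE(review): this URL reaches Squid as a rewritten URL, so
        # "localhost" is presumably the proxy host and needs a web server
        # serving index.html. Confirm.
        redirect http://localhost/index.html
    }
}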
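Setelah melakukan konfigurasi, jalankan kedua perintah berikut. Periksa /var/log/squid/squidGuard.log sesudahnya: jika squidGuard gagal membaca konfigurasi atau basis data blacklist-nya, ia masuk ke mode darurat dan meloloskan semua permintaan tanpa penyaringan.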
#squid -k reconfigure
#squidGuard -C all
Troubleshoot
/var/log/squid/access.log
/var/log/squid/squidGuard.log







Sumber:http://boleh.net.id/cara-membangun-proxy-server-dengan-squid-di-ubuntu-debian.html
